DCE RPC FLOOD on Patched Network

Discussion in 'Server Security' started by MR V, Sep 6, 2004.

  1. MR V

    MR V Guest

    Hi,

    My LAN was being hammered today by what my packet sniffer describes as
    DCE/RPC pings to non existent IP addresses. We have fully up to date pacthed
    Windows 2000 servers and PC's and have ran up to date Virus Scans, Adware
    Scans, Trojan Scans on the machines we identified as broadcasting ,but have
    found nothing incriminating to indicate what is causing this. After
    rebooting machines the invisible process that is causing the DCE RPC floods
    seems to disappear. All the usual (up to date) scanning tools find nothing,
    but the LAN is still flooded with trafiic making it unuseable. Any one have
    any idea what this might be?

    Thanks Mr V
     
    MR V, Sep 6, 2004
    #1
    1. Advertisements

  2. MR V

    S. Pidgorny Guest

    An unknown worm. Badly written application. Combination of both.
    Use Netowrk-based IDS like Snort (www.snort.org) - it will give you more
    information.
    How many PCs are the sources and what process generates traffic?
     
    S. Pidgorny, Sep 8, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.